-rw-r--r-- | source3/include/rpc_samr.h | 4 | ||||
-rw-r--r-- | source3/rpc_client/cli_samr.c | 16 | ||||
-rw-r--r-- | source3/rpc_parse/parse_samr.c | 33 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr.c | 10 |
4 files changed, 42 insertions, 21 deletions
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index 54df484444..44e1c61484 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -535,8 +535,8 @@ typedef struct r_samr_enum_dom_users_info
 uint32 num_entries3;
- SAM_ENTRY sam[MAX_SAM_ENTRIES];
- UNISTR2 uni_acct_name[MAX_SAM_ENTRIES];
+ SAM_ENTRY *sam;
+ UNISTR2 *uni_acct_name;
 uint32 num_entries4;
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index f822937cef..49db8c8216 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -769,13 +769,6 @@ BOOL samr_enum_dom_users(struct cli_state *cli, uint16 fnum,
 int name_idx = 0;
 *num_sam_users = r_e.num_entries2;
- if (*num_sam_users > MAX_SAM_ENTRIES)
- {
- *num_sam_users = MAX_SAM_ENTRIES;
- DEBUG(2,("samr_enum_dom_users: sam user entries limited to %d\n",
- *num_sam_users));
- }
-
 *sam = (struct acct_info*) malloc(sizeof(struct acct_info) * (*num_sam_users));
 if ((*sam) == NULL)
@@ -798,6 +791,15 @@ BOOL samr_enum_dom_users(struct cli_state *cli, uint16 fnum,
 }
 valid_pol = True;
 }
+
+ if (r_e.sam != NULL)
+ {
+ free(r_e.sam);
+ }
+ if (r_e.uni_acct_name != NULL)
+ {
+ free(r_e.uni_acct_name);
+ }
 }
 prs_mem_free(&data );
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index f4447c7dc9..a6069f5ff3 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -1047,14 +1047,9 @@ void make_samr_r_enum_dom_users(SAMR_R_ENUM_DOM_USERS *r_u,
 DEBUG(5,("make_samr_r_enum_dom_users\n"));
- if (num_sam_entries >= MAX_SAM_ENTRIES)
- {
- num_sam_entries = MAX_SAM_ENTRIES;
- DEBUG(5,("limiting number of entries to %d\n",
- num_sam_entries));
- }
-
 r_u->next_idx = next_idx;
+ r_u->sam = NULL;
+ r_u->uni_acct_name = NULL;
 if (num_sam_entries != 0)
 {
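Review bot: The two members changed in `r_samr_enum_dom_users_info` (rpc_samr.h) now point at heap memory, but nothing on the struct says who allocates or releases them. A comment on the fields such as `/* allocated by make_samr_r_enum_dom_users() or samr_io_r_enum_dom_users(); the caller must free() both */` would make the ownership explicit. Any code outside this diff that copies the struct by value or applies `sizeof` to these members changes meaning with this edit and is worth a search. The struct definition starts and ends outside the hunk.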
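Review bot: With the MAX_SAM_ENTRIES clamp removed in the first cli_samr.c hunk, `*num_sam_users` is taken straight from `r_e.num_entries2` in the reply and multiplied into the `malloc()` size with no overflow or upper-bound check. Where `size_t` is 32 bits the product can wrap, giving a buffer smaller than the count that the rest of the function (outside the hunk) presumably iterates over. The same unchecked product appears in the `Realloc()` calls added to `make_samr_r_enum_dom_users` and `samr_io_r_enum_dom_users` in parse_samr.c, and in the latter a small reply can also request an arbitrarily large allocation. A guard before each allocation, for example `if (*num_sam_users > ((size_t)-1) / sizeof(struct acct_info))` leading into the function's existing failure path, together with a sanity ceiling on the wire-supplied count, would close this.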
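Review bot: The cleanup added in the second cli_samr.c hunk reads `r_e.sam` and `r_e.uni_acct_name`, which are only assigned once `samr_io_r_enum_dom_users` reaches its `Realloc()` calls. The declaration of `r_e` is outside the hunk; if it is not cleared first, any early return in the parser before that point would hand indeterminate pointers to `free()`. Clearing the struct before the call, e.g. `ZERO_STRUCT(r_e);`, and setting both members to NULL after freeing would make this path safe however the parser exits.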
@@ -1063,8 +1058,14 @@ void make_samr_r_enum_dom_users(SAMR_R_ENUM_DOM_USERS *r_u,
 r_u->num_entries2 = num_sam_entries;
 r_u->num_entries3 = num_sam_entries;
- SMB_ASSERT_ARRAY(r_u->sam, num_sam_entries);
- SMB_ASSERT_ARRAY(r_u->uni_acct_name, num_sam_entries);
+ r_u->sam = Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0]));
+ r_u->uni_acct_name = Realloc(NULL, r_u->num_entries2 * sizeof(r_u->uni_acct_name[0]));
+
+ if (r_u->sam == NULL || r_u->uni_acct_name == NULL)
+ {
+ DEBUG(0,("NULL pointers in SAMR_R_QUERY_DISPINFO\n"));
+ return;
+ }
 for (i = 0; i < num_sam_entries; i++)
 {
@@ -1110,7 +1111,17 @@ void samr_io_r_enum_dom_users(char *desc, SAMR_R_ENUM_DOM_USERS *r_u, prs_struc
 prs_uint32("ptr_entries2", ps, depth, &(r_u->ptr_entries2));
 prs_uint32("num_entries3", ps, depth, &(r_u->num_entries3));
- SMB_ASSERT_ARRAY(r_u->sam, r_u->num_entries2);
+ if (ps->io)
+ {
+ r_u->sam = Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0]));
+ r_u->uni_acct_name = Realloc(NULL, r_u->num_entries2 * sizeof(r_u->uni_acct_name[0]));
+ }
+
+ if ((r_u->sam == NULL || r_u->uni_acct_name == NULL) && r_u->num_entries2 != 0)
+ {
+ DEBUG(0,("NULL pointers in SAMR_R_QUERY_DISPINFO\n"));
+ return;
+ }
 for (i = 0; i < r_u->num_entries2; i++)
 {
@@ -1118,8 +1129,6 @@ void samr_io_r_enum_dom_users(char *desc, SAMR_R_ENUM_DOM_USERS *r_u, prs_struc
 sam_io_sam_entry("", &(r_u->sam[i]), ps, depth);
 }
- SMB_ASSERT_ARRAY(r_u->uni_acct_name, r_u->num_entries2);
-
 for (i = 0; i < r_u->num_entries2; i++)
 {
 prs_grow(ps);
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 4f190270dd..0371fbc88c 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
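Review bot: On allocation failure in `make_samr_r_enum_dom_users` the new `return` leaves `num_entries2` and `num_entries3` set to the non-zero count while one or both arrays are NULL, and because the function is void the caller gets no signal. Resetting the counts before returning, `r_u->num_entries2 = r_u->num_entries3 = 0;`, keeps the struct self-consistent; the same applies to the early return added in `samr_io_r_enum_dom_users` (the @@ -1110 hunk). If only one `Realloc()` fails, the other buffer stays attached to `r_u` and relies on the caller's cleanup to be released. The debug text in both hunks names `SAMR_R_QUERY_DISPINFO`, which looks copied from another function; `SAMR_R_ENUM_DOM_USERS` would match the struct being handled.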
@@ -354,6 +354,16 @@ static void samr_reply_enum_dom_users(SAMR_Q_ENUM_DOM_USERS *q_u,
 /* store the response in the SMB stream */
 samr_io_r_enum_dom_users("", &r_e, rdata, 0);
+ if (r_e.sam != NULL)
+ {
+ free(r_e.sam);
+ }
+
+ if (r_e.uni_acct_name != NULL)
+ {
+ free(r_e.uni_acct_name);
+ }
+
 DEBUG(5,("samr_enum_dom_users: %d\n", __LINE__));
 } |
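Review bot: The cleanup of `r_e` here repeats the free sequence added to cli_samr.c, so the release rule for `SAMR_R_ENUM_DOM_USERS` now lives in two call sites. A small helper next to `make_samr_r_enum_dom_users`, for instance `free_samr_r_enum_dom_users(SAMR_R_ENUM_DOM_USERS *r_u)` (the name is only a suggestion), that frees both arrays and sets them to NULL would keep allocation and release together and make a missed path easier to spot. The body of `samr_reply_enum_dom_users` starts outside the hunk, so earlier return paths that skip this cleanup cannot be ruled out from here.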